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(57) Abstract 



This invention concerns the checking of 
data in a systems where the security is an im- 
portant issue. According to the invention a first 
reference value is calculated at least partly based 
on a first error check value calculated from the 
data and a first authentication value (202) , When 
checking tiie data a second error check value is 
calculated from the data. As well, a second ref- 
erence value is calculated at least partly based on 
a first and a second value from the set of the sec- 
ond error check value* a second authentication 
value and the first reference value The second 
reference value is compared with a third value 
from the set of the second error check value, 
the second authentication value and the first ref- 
erence value The invention also comprises a 
transmitter and a receiver which arc arranged to 
perform the described operations., 
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New method for checking the data 

The invention concerns the secmity of the data tiansmission and the checking the 
data, especially in digital mobile telecommunication networks 

5 Security is becoming more and moie important in the field of communications., The 
paper-based communication is used less and modern electronic systems aie used 
more and more This trend increases the risk that information transmitted via 
electronic networks falls into the hands of somebody to whom it was not meant to. 
The data can also change during the transmission because of the different kinds of 

1 0 interference in the tiansmission path . 

Methods have been developed by means of which the receiver can notice, if 
somebody has altered the data between the sending end and the receiving end . The 
same methods can be used to detect, if the data has changed as a result of inter- 
ference in the tiansmission path. Usually these methods utilize some kind of eiior 
15 detecting algorithm codes, like parity checking. 

One very effective method to carry out the error detection is to use the so called 
cyclic redundancy check (CRC). CRC is a very powerful but easily implemented 
technique for obtaining data reUability The basic idea in CRC is that the transmitter 
appends an exta n-bit sequence to every data frame This extra n-bit sequence is 

20 called frame check sequence (FCS). The FCS is generated by the transmitter from 
the original data fiame, The resulting fiame (the cascade of the original frame and 
the FCS) is divisible by some pre-defined polynomial which is called the CRC 
polynomial In the receiving end the transmitted data fiame is divided by the CRC 
polynomial. The remainder of the division is checked and if it equals to zer o the 

25 tr ansmitted data has not changed in the ttansmission path 

hi addition to the error check there is need for seeming the data so that nobody else 
than justified receiver is able to find out the content of the data fiame . In principle 
there are two different secmity mefhoi^ available These methods are based on an 
algorithm or algorithms which are used to encrypt and decrypt the data The fust 
30 security method is based on a secret key method In the secret key method ther e is 
used only one key or one algorithm to encrypt and decrypt the data Both the sender 
and the receiver of the data use the same secret key . The most important point in the 
secret key method is that the key should be kept secret so that the only persons who 
know the key are the sender and the receiver One of the biggest problems in the 



wo 00/65765 



PCr/FIOO/00353 



2 

secret key method is that the key should be tiansmitted secietively fiom the fust 
usei to another and this means that a third party has an opportunity to get the secret 
key,. 

The second security method is based on a so called secret and public key pair., A 
5 user creates these two keys. The public key is given available for everybody All 
other users encrypt their messages meant for the publisher of the public key by 
using the public key The encrypted message can be decrypted only with the secret 
key which is known only by the publisher of the keys The advantage of the public 
key method is that there is no need to t ansmit the secr et key and because of this the 
10 security is better than in the previously described secret key method The power of 
the public and secret key method is that the method is mathematically very heavy so 
that the decryption of the encrypted data without the secret key takes so long time 
that the encrypted data is out-of-date when the decryption is accomplished without 
the correct keys . 

15 Digital signature is used to identify the signer, who is the sender of the data. 
Advantageously in the digital signatme method it is used the secret and public key 
method to achieve the signature for a certain data Digital signature works for 
example like this: The sender' of the message derives for' example an error check 
value from the original message, After this the sender of the message encrypts the 

20 error check value with his secret key and sends the original message and the 
encrypted error check value to the receiver The receiver decrypts the encrypted 
error- check value with the sender's public key, which the sender has delivered to 
everybody. The receivei also derives the error" check value fiom the oiiginal 
message and compaies these two erioi check values. If the values ate equal, the 

25 message is fiom the correct sender If they don't equal, the message has been 
corrupted. 

It is plarmed that the mobile telecormnimication networks, like the GSM, will be 
capable to ti ansmit the data as a data packets In GSM this is achieved by combining 
a so called GPRS (General Packet Radio Service) network to the GSM network In 

30 figure 1 it is shown one possible arrangement of the GPRS network, There is shown 
a mobile station 101, which is in connection to MSG (Mobile Switching Centre) 104 
through BTS (Base Transceiver Station) 102 and BSC (Base Station Controller) 
103 Ther-e can be attached different types of networks, like for instance PSTN 
(Public Switched Telephone Network) network 105 and SS7 network, to the MSG 

35 104. A new network element is arranged to liie BSC 103, which is called PCU 
(Packet Control Unit) 107 However, it is by no means compulsory that the PCU 
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(107) is located at the BSC (103), but it can be as a sepaiate unit or attached to the 
BTS (102) as well. The PCU 107 is aiianged to conttol the data packets The packet 
network 112 is attached to other netwoik topology thiough the PCU 107 Between 
the GPRS backbone network 113 and the PCU 107 it is arranged a SGSN (Serving 
5 GPRS Support Node) node 108 A GPRS register 109, or more generally a home 
location register that contains user related information, into which some kind of 
subsciibei*-i elated information concerning GPRS service netwoik element is saved, 
is also a part of the GPRS network. GGSN (Gateway GPRS Support Node) nodes 
1 10 aie the elements thiough which any other kind of packet network 111, like IP, 
10 031 data or X.25, can be attached to the GPRS network. In figme 1 the sohd line 
symbolizes the data tiansmission and the signalling between the network elements 
and the broken line symbolizes that there are signaUing between the network 
elements., A shnilar arrangement is plaimed to the third generation mobile tele- 
communication networks for tiansmitting the data as a packet data. 

15 It is important to know that the received data is fiom the correct sender The 
methods shown here are also applied to verify the sender of the data as previously 
shown, One possible way to do the verification is to derive a so called 
audientication value fiom the original data, which authentication value is a kind of 
digital signature. The authentication value can be arranged so that it may be derived 

20 fiom various inputs The input can be e g a packet number, the dir ection (uplink or 
downlink) of the transferred packet, a secret key or any other similar value The 
algorithm, by means of which the authentication value is calculated, is the same or 
the reverse at the sendmg end and at the receiving end. The algorithm is kept secret 
if it is not strong enough. The calculated authentication value is carried in each 

25 packet so that every single packet include the key by means of which the content of 
the data packet can be checked, whether is original or not. In the examples 
described in this application, r^ually the exclusive OR (XOR) mathematical 
function is used However, it is evident to a man skilled in the ait ±at any function f 
for which exists an inverse function f ^ so that f \f(x)) gives x can be used as well. 

30 This authentication method shown has one big disadvantage. It increases 
significantly the packet size, because the calculated authentication value is trans- 
mitted in every data packet separately fiom the rest of the data to be transmitted As 
a result, a part of the capacity for data tiansmission is wasted because of these 
additional authentication value fi ames., 

35 An object of the present invention is to provide a new method by means of which 
the authentication value can be transmitted in a packet data tiansmission network 
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without incieasing the packet size. It piovides a simple pei packet authentication so 
that the receivei can with one check determine if ' the packet is valid oi not A second 
object of tiie present invention is to provide a tiansmittei, which is capable of 
ananging the authentication value into a packet so that the packet size is not 
increased A third object of the present invention is to provide a leceiver, which is 
capable of checking, if the transmitted data has changed in the transmission path , A 
fourth object of the present invention is to provide a mobile station which is capable 
of transmitting and receiving the authentication value without increasing the packet 
size 

The above stated objects are achieved by combining the authentication value to the 
error check data so that it does not add the packet size Combining the 
authentication value to error check data is done by using a logical function, for 
example At the receiving end the combination of the error check value and the 
authentication value is processed so that the integiity of the data can be checked 

The advantage of the present invention is that by using this arrangement in a 
telecommunication system the bandwidth of the system can be saved It also enables 
the use of digital signatures with fixed length frames of present protocols without 
changing the fiame formats As a result, the authenticity can be provided without 
increasing the packet size One very important aspect is that the invention is 
applicable in all digital communication systems 

The method according to the invention is characterized in that 

-a fust reference value is calculated using at least paitiy based on a fust 
authentication value and a fust error check value calculated fiom the data 

The ttansmittei according to the invention is characterized in that the tiansmitter 
comprises 

- means for deriving an authentication value (202) from the data to be transmitted 
(201), 

- means for* deriving an error check value fiom the data to be transmitted (201) and 

- means for combining said authentication value (202) and said error check value 
with a logical function for producing a first reference value 

The receiver for receiving data having means for checking received data according 
to the invention is characterized in that the receiver comprises 
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- means for deiiving a first lefeience value fiom Ihe received data, 

- means foi calculating a second eiioi check value fiom the received data, 

- means for calculating a second reference value at least partly based on a first and a 
second value fiom the set of said second error check value, a second authentication 

5 value and said fir st reference value, and 

- means for comparing said second reference value with a third value fiom the set of 
said second enor check value, said second authentication value and said first 
reference value. 

The station, comprising a transmitter and a receiver, according to the invention is 
1 0 characterized in that the ti ansmitter comprises 

- means for deriving an authentication value (202) fiom the data to be transmitted 
(201), 

- means for deriving an error check value fiom the data to be transmitted (201) and 

- means for combining said authentication value (202) and said enoi check value 
15 with a logical function for producing a fir st reference value 

and 

the r eceiver comprises 

- means for deriving a first reference value fiom the received data, 

- means for calculating a second err or check value fiom the r eceived data, 

20 - means for calculating a second reference value at least partly based on a first and a 
second value fiom the set of said second error check value, a second authentication 
value and said fir st reference value, and 

- means for comparing said second reference value with a third value fiom the set of 
said second error check value, said second authentication value and said first 

25 reference value. 

The present invention will now be described more in detail in the following with the 
reference to the accompanying drawings, in which 

fig, 1 illustrates one possible arrangement of the GPRS network. 
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fig 2 illustiates one possible airangement at the sending end, 

fig 3 illust ates one possible aiiangement at the leceiving end and 

fig 4 illustiates a block diagiam of a mobile station 

In the present invention the data transmitted is pxocessed at the both ends, that is at 
5 the sending end and at the xeceiving end, in the same way so that the integrity of the 
message can be checked. At the sending end, as shown in figure 2, the eiroi check 
value, which in this pieferied embodiment is a CRC 205, is derived ftom the 
oiigmal data 201 Next, the authentication value 202, which can be derived for 
instance by using a packet number or a secret key as an input and a secret algorithm, 
10 is combined to the CRC field, The broken line describes that the authentication 
value 202 is in some way derived fiom the original data 201 . The combination of 
the CRC 205 and the authentication value 202 is carried out in this preferred 
embodiment of the invention by using the logical fimction "exclusive-OR'' (XOR) 
203 , XOR 203 is a function which produces an output of 1 when exactly one of its 
15 two inputs is 1 As a result, the data, which is to be sent, comprises the original data 
field 201 and another field, which consists of the XORed value 308 of the CRC 205 
and the autiientication value 202 To a man skilled in the art it is obvious that the 
authentication value 202 can be any value, which is advantageously possible to 
derive from the original data 201 . 

20 At the receiving end the data received is arranged to be processed vice versa, as 
shown in figure 3 The XORed data 308 is re-XORed 203 with the authentication 
value 302, which is the same as the authentication value 202 at the sending end in a 
case where the data sent is not changed. The authentication value 302 can be 
derived fiom the received data 301 in the same way as at the sending end By using 

25 the rules of binary algebra the result of this le -XORing 203 is CRC value 304 By 
comparing 305 this CRC 304 to another CRC 303 calculated at the receiving end 
fiom the received data, it can be found, if the data has changed in the trairsmission 
path If the comparison 302 shows that the CRCs 303; 304 are the same, it means 
that the received data 301 has been tansmitted without any changes 306 But, if the 

30 comparison 305 shows that the CRCs 303; 304 differ' fiom each other, it means that 
the original data 201 has changed in the transmission path, or that the authentication 
value 302 was not correct at the receiving end. As a result, the data received can be 
erased 306, 
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To a man skilled in the ait it is obvious that the method shown leveals all cases 
when the original data 201 has been processed between the sending end and the 
receiving end in condition that the algorithm for deriving the authentication value 
202; 302 is kept secret If the oiiginal data 201 has been changed, the CRCs 303; 
5 304 differ from each other as previously stated, As well, if the authentication value 
302 at the receiving end is not the same as the authentication value 202 at the 
sending end, the compared CRC values 303; 304 do not equal, The reason for this is 
that the XOR operation 203 to the XORed data 308 received and the authentication 
value 302 does not produce the original CRC value 205. 

10 To a man skilled m the art it is obvious that the check can also be peifoimed so that 
at the receiving end CRC is calculated fiom the teceived data 301 and it is re- 
XORed with the XORed data 308 so that the result is the authentication value 
Another authentication value can be derived somehow fiom the received data 301 
As a result these two authentication values aie compared 305 and if the comparison 

15 305 equals, the data has been tiansmitted without any changes If the result of the 
comparison is unequal the data received can be er ased A third possibility to check 
the validity of data is that the receiver derives an authentication value 202 and an 
err or check value 303 fiom the r eceived data 301 and XORs them The result of this 
XORing is compared to the XORed data value 308 which is received If the 

20 comparison equals the received data is valid, if not the data has been coiiupted in 
the transmission path. 

The input for the authentication value 202; 302 can preferably be a packet number 
or a secret key., At both ends it is used the same, advantageously secret, algorithm 
for calculating the authentication value 202; 302 As a result, the authentication 

25 value 202; 302 can for example be a CRC of the original data 201, which is 
encrypted with the secret key of the sender . To a man skilled in the art it is obvious 
that most preferably the authentication value 202; 302 is derived from such an input 
that is dependent on the data which is to be tiansmitted One possible input for the 
authentication value 202; 302 is the direction (uplink or downlink) of transferred 

30 data packet 

It is obvious that the data field can also be encrypted so that nobody not justified is 
capable to read the message. The methods shown previously can be used to perf orm 
this encryption, 

One possible application of this invention is to use it in all solutions wher e the so 
35 called packet data transmission is used. As an example, we consider- a situation 
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where a mobile station 101 is communicating with another mobile station 101 
thiough the GPRS network The mobile station 101 is aiianged to secuie the data to 
be tr ansmitted so that nobody not justified is able to change the data When the data 
is ready to be sent, the CRC 205 is derived fiom the digital data 201 m the tians- 

5 mitter block of ' the mobile station 101, As well the authentication value 202 is 
derived fiom the digital data 201 in the transmitter block The CRC 205 and the 
authentication value 202 aie combined together with a logical function 203 . In the 
tEansmitter block of the mobile station 101 the original digital data 201 and the 
combination of the CRC 205 and authentication value 202 aie aiianged to the same 

10 data packet which data packet is sent 

The data packet is transmitted for instance thiough the GPRS network to another 
mobile station 101 The receiver block of the mobile station 101 receives the data 
packet, or more precisely, the combination of blocks 301 and 308, and derives the 
authentication value 302 in the same way as at the transmitter block. This derived 
15 authentication value 302 is combined with the XORed data field 308 with the same 
logical operation 203, advantageously with XOR function, as in the transmitter 
block. The result of this combination is according to this preferred embodiment of 
the invention the CRC value 304. The receiver block derives another CRC 303 from 
the original data for checking, if the data is from the original sender The check may 
20 be done by comparing 305 these two CRC values 303; 304 If the comparison 305 
shows that the data is valid 306, the receiver block of the mobile station 101 passes 
the data onto the other blocks of the mobile station 101 so that the user of the 
mobile station 101 is able to find out the content of the data. If the comparison 305 
fails, it shows that an unauthorized person has changed the data or the data has been 
25 corrupted dming the transmission, the data can be erased 307 in the receiver block 
of the mobile station 101 Alternatively the data can be shown to flie user of the 
mobile station 101 with the notification that the data has changed in the ttans- 
mission path To a man skilled in art it is obvious that the data transmitted between 
the user of the tiansmitting mobile station 101 and the usei of the itceiving mobile 
30 station 101 can be any type of data which is possible to ttansmit through a packet 
data network. Fmther, to a man skilled in the art it is obvious that the logical 
function shown previously may be implemented by using the logic gates in 
hardware. As well, the same can be achieved with software 

Figme 4 shows a block diagram of a digital mobile communication means accor ding 
35 to an advantageous embodiment of the invention The mobile communication means 
comprises a microphone 401, keyboard 407, display 406, earpiece 414, antenna 
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duplexer or switch 408, antenna 409 and a control unit 405, which all aie typical 
components of conventional mobile conunimi cation means Fuithei, the mobile 
communication means contains typical transmission and leceivei blocks 404, 411 
Transmission block 404 compiises functionality necessary for speech and channel 
5 coding, enciyption, and modulation^ and the necessary RF circuitry foi 
amplification of the signal for transmission. Receiver block 411 compiises the 
necessary amplifiei' ciicuits and functionality necessary foi demodulating and 
decryption of the signal, and removing channel and speech coding. The signal 
pToduced by the microphone 401 is amplified in the amplifier stage 402 and 
10 converted to digital form in the A/D converter 403, whereafter the the signal is 
taken to the transmitter block 404. The transmitter block encodes the digital signal 
and produces the modulated and amplified RF -signal, whereafter the RF signal is 
taken to the anterma 409 via the duplexer or switch 408 The receiver block 41 1 
demodulates the received signal and removes the encryption and channel coding 
15 The resulting speech signal is converted to analog form in the D/A converter 412, 
the output signal of which is amplified in the amplifier stage 413, whereafter the 
amplified signal is taken to the earpiece 414 The control unit 405 controls the 
functions of the mobile communication means, reads the commands given by the 
user via the keypad 407 and displays messages to the user via the display 407 
20 Further; in this preferred embodiment the transmitter block 404 comprises first 
means 416 for deriving an authentication value fiom the data to be transmitted, 
second means 417 for* deriving an error check value fiom the data to be transmitted 
and third means 418 for combining said authentication value and said error check 
value with a logical function for producing a frrst reference value, Conespondingly, 
25 in this preferred embodunent the receiver block 41 1 also comprises first means 420 
for deriving a first reference value fiom the received data, second means 421 for 
calculating a second error check value fiom the received data, third means 422 for 
calculating a second reference value at least partly based on a first and a second 
value fiom the set of said second error check value, a second authentication value 
30 and said first reference value, and fourth means 423 for comparing said second 
refer ence value with a third value fiom the set of said second error check value, said 
second authentication value and said first reference value The means mentioned 
can be any kind of arrangements which are capable to perform the operations 
described. For example the means can be computer programs, which are used by a 
35 nucroprocessor 415; 419 in a transmitter 404 and a receiver block 41 1 in a mobile 
station for perfornring the operations described., 
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The piesent invention is not limited to the embodiment of Fig. 4, which is presented 
as an example only Foi example, the invention can as well be applied to an analog 
communication means. 

The previously desciibed data check can also be aixanged so that the check is 

5 caiiied out in a network element For example the GPRS netwoik compiises a 
SGSN 108 which is communicating with the mobile station 101 though a logical 
link caDed LLC LLC has a CRC function (ETSI GSM 03 60) According to one 
prefeiied embodiment of the invention the autiientication value has been added to 
the CRC field to provide a per packet authentication The benefit is that the netwoik 

10 operator can be sure that the packet is oiiginating from the valid user. This method 
can in certain cases (traffic is encrypted by the user, browsing public web sites) 
avoid the use of ciphering Additionally, with this arrangement the netwoik oper ator 
is capable of performing the billing according to the use of the network. To a man 
skilled in liie ait it is obvious that the SGSN 108 comprises the corresponding 

15 means 415; 416; 417; 418; 419; 420; 421; 422; 423 for checkmg the data as the 
receiver block 404 and the transmitter block 411, The netwoik element mentioned 
can be any other netwoik element than the SGSN 108 To a man skilled in the art it 
is obvious that the netwoik element can in an advantageous embodiment of the 
invention comprise the means 415; 416; 417; 418; 419; 420; 421; 422; 423 

20 desciibed previously The operations of the means can also be peifoimed with any 
othei possible way which is suitable f or telecommunications 

For example the same operations can be performed in a transmitter block and in a 
receiver block of a base station, 

The method shown can also be applied to file management and ciphering in 
25 computer systems For example the operating system can check if the valid 
administiatoi has made the changes to the settings of the operating system by 
compaiiQg the user-specific values which can be derived fiom the file the user has 
changed. If the settings file has been changed by any other person but the valid 
administr ator the changes will be cancelled 

30 The packet data network may be any kind of network which is capable to transmit 
data as a data packets, In addition to GPRS network in GSM system or UMTS 
system the network can be for example an Internet Protocol netwoik 

A digital signature created with the previously described public and secret key 
method can also be used as the authentication value in an advantageous embodiment 
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of the invention, rhe CRC value can be any othei erioi check value which can be 
applied to the aiiangements pieviously desciibed. 

lo a man skilled in the ait it is obvious that the original data 201 in the data packets 
can be enciypted so that it is not possible for persons not justified to find out the 
content of the message One possible solution to achieve this is to use the public and 
secret key method for encrypting the original message before the previously 
desciibed operation 

To a man skilled in tiie art it is obvious that the mobile station 101 mentioned can 
be understood as an any kind of station which is capable of transmitting data in data 
packets The station can be for example a computet device or any other kind of 
station which uses a wireless data transmission 

As well it is obvious to a man skilled in the art that the teim packet in this context 
can be understood as any kind of element, like a fiame or a cell (in ATM), in which 
data is transferred. 
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Claims 

1 , A method fbi checking of data, characterized in that 

- a first refeience value is calculated at least paitly based on a first eiioi check value 
calculated fiom the data and a fiist authentication value (202) 

5 2 A method according to claim 1^ char acter ized in that when checking the data 

- a second en or check value is calculated fi om the data, 

- a second reference value is calculated at least paitly based on a first and a second 
value from the set of said second eiioi check value, a second authentication value 
and said first reference value, 

10 - said second reference value is compared with a third value fiom the set of said 
second error* check value, said second authentication value and said first refierence 
value 

3 A method according to claim 1, char acter ized m that the data is in the form of 
packets to be sent fiom a transmitter to a receiver and said first reference value is 
15 added to the packet to be sent . 

4 . A method according to claim 3, char acterized in that the data is to be sent in a 
cellulai system 

5, A method according to claim 1, characterized in that said calculation is 
performed with tiie exclusive-OR function 

20 6 A method according to claim 2, characterized in that said first and second 
authentication values (202; 302) are derived at least partly based on a secret key 

7 A method according to claim 3, characterized in that said first and second 
authentication values (202; 302) are derived at least partly based on a packet 
number 

25 8. A method according to clahn 3, characterized m that said first and second 
authentication values (202; 302) are derived at least paitly based on the direction of 
the packet to be tiansmitted 

9. A method according to claim 2, characterized in that said first and second 
err or check values ar e CRC values (205; 303; 304). 
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10 A method accoiding to claim 2, characteTized in that said fiist and second 
authentication values aie calculated at least paitly based on the data 

11 A transmitter, character ized in that tlie tiansmittei compiises 

- means foi deriving an authentication value (202) fiom the data to be transmitted 
5 (201), 

- means fbi deriving an eiioi check value fiom the data to be tr ansmitted (201) and 

- means for combining said authentication value (202) and said enor check value 
with a logical function for producing a first reference value 

12 A transmitter accoiding to claim 9, characterized in that said logical function 
10 is exclusive-OR (203)., 

13, A receiver for receiving data having means for checking received data, 
char acter ized in that the receiver compiises 

- means for deriving a fir st reference value fiom the received data, 

■ means for calculating a second enor check value fiom the received data, 

15 - means for calculating a second reference value at least paitly based on a fust and a 
second value fiom the set of said second enor check value, a second authentication 
value and said fii st refer ence value, and 

- means for comparing said second reference value with a thud value fiom the set of 
said second enoi check value, said second authentication value and said fust 

20 reference value. 

14 A receiver accoiding to claim 12, characterized in that the receiver is 
ananged to cany out the logical function exclusive-OR (203) 

15 A station, comprising a transmitter and a receiver, characterized in that the 
transmitter compiises 

25 - means for deriving an authentication value (202) fiom the data to be transmitted 
(201), 

- means for deriving an enoi check value fiom the data to be transmitted (201) and 
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- means for oombining said authentication value (202) and said eiioi check value 
with a logical fiinction foi pi oducing a f iist reference value 

and 

the leceiver comprises 
5 - means for deriving a fu st reference value from the received data, 

- means foi' calculating a second enor check value fiom the received data, 

- means f 6i calculating a second lefeience value at least paitly based on a first and a 
second value fiom the set of said second eiror check value, a second authentication 
value and said fiistiefeience value, and 

10 - means for compaiing said second reference value with a third value fiom the set of 
said second eiioi check value, said second authentication value and said first 
reference value 

16, A station accor ding to claim 14, characterized in that the mobile station (101) 
is aiianged to cany out the logical function exclusive-OR (203) 

15 17 A station according to claims 14 or 15, characterized in tiiat the station is a 
mobile station (101) 
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